This topic is locked

Security

12/21/2006 6:12:18 PM
ASPRunnerPro General questions
skemp author

Hi,
Is it possible for asprunner to use active directory account for a certain group. I would like to make it so that when users login to their domain, they may access the asprunner application without having to login again.
I was told in a previous email to use the following..
SESSION("UserID") = "username"

SESSION("AccessLevel") = ACCESS_LEVEL_USER

SESSION("GroupID") = "usergroup
However when I place this text at the top of the table_list.asp page (as directed) I still get prompted for a username and password. Where I get confused is when setting up security using asprunner, it asks for either a hard-coded username and password or one derived from a table. So then how will it use the active directory account if it is trying to use info from a table that contains a username and password.?
Please help.
Sheryl

Sergey Kornilov admin 12/21/2006

Sheryl,
could you post first 20-30 lines of your list file here?

skemp author 12/23/2006

Sheryl,

could you post first 20-30 lines of your list file here?


<%@ Language=VBScript %>
<%
If Session("UserID")="" then

Session("MyURL")=request.ServerVariables("SCRIPT_NAME") & "?" & request.ServerVariables("QUERY_STRING")

Response.Redirect "login.asp?message=expired"

End If

if CheckSecurity("", "Add")<>True and CheckSecurity("", "Search")<>True Then

Response.Write "<p>" & "You don't have permissions to access this table" & "<a href=""login.asp"">" & "Back to login page" & "</a></p>"

Response.End

end if
%>
<!--#include file="include/InspectorNewCases_variables.asp"-->

<!--#include file="include/InspectorNewCases_aspfunctions.asp"-->

<!--#include file="include/InspectorNewCasesevents.asp"-->

<!--#include file="include/jsvariables.asp"-->

<%

Call DefineScriptMessages
set fs=Server.CreateObject("Scripting.FileSystemObject")

if fs.FileExists(Server.MapPath("include/header.asp")) then


Server.Execute("include/header.asp")
Session(strTableName & "_ListURL")=Request.ServerVariables("SCRIPT_NAME") & "?" & Request.ServerVariables("QUERY_STRING")

if InStr(Session(strTableName & "_ListURL"), "action=OrderBy&")>0 then

Session(strTableName & "_ListURL") = Replace(Session(strTableName & "_ListURL"), "action=OrderBy&", "action=none&" )

end if
Session.LCID = 1033
Dim rs, dbConnection, strSQL
set dbConnection = server.CreateObject ("ADODB.Connection")

dbConnection.ConnectionString = strConnection
Thank you

Sergey Kornilov admin 12/26/2006

I don't see where you have added the code snippet we are talking about.

skemp author 1/3/2007

I don't see where you have added the code snippet we are talking about.


<!--#include file="include/dbcommon.asp"-->

<!--#include file="include/LetterPrintQueue_variables.asp"-->
<%

SESSION("UserID") = "username"

SESSION("AccessLevel") = ACCESS_LEVEL_USER

SESSION("GroupID") = "CityView Users"
if SESSION("UserID")="" then

SESSION("MyURL")=request.ServerVariables("SCRIPT_NAME")&"?"&request.ServerVariables("QUERY_STRING")

response.Redirect "login.asp?message=expired"

response.End

end if

if not CheckSecurity(SESSION("OwnerID"),"Search") and not CheckSecurity(SESSION("OwnerID"),"Add") then

response.Write "<p>" & "You don't have permissions to access this table" & " <a href=""login.asp"">" & "Back to login page" & "</a></p>"

response.End

end if

%>
<!--#include file="libs/smarty.asp"-->
<%

Session.LCID = 1033
on error resume next
dbConnection=""

dbconnect()

call ReportError

Set rs = server.CreateObject("ADODB.Recordset")

Set rss = server.CreateObject("ADODB.Recordset")
' process reqest data, fill session variables
if (Request.Form="" and Request.QueryString="") then
For Each key in Session.Contents

if left(key, len(strTableName)+1 ) = strTableName & "
" and

InStr(Mid(key, len(strTableName)+2), "
" )<1 then

Session.Contents.Remove(key)

end if

Next
set strTableName_asearchnot = CreateObject("Scripting.Dictionary")

set strTableName_asearchopt = CreateObject("Scripting.Dictionary")

set strTableName_asearchfor = CreateObject("Scripting.Dictionary")

set strTableName_asearchfortype = CreateObject("Scripting.Dictionary")

set strTableName_asearchfor2 = CreateObject("Scripting.Dictionary")

set session(strTableName & "_asearchnot")= strTableName_asearchnot

set session(strTableName & "_asearchopt") = strTableName_asearchopt

set session(strTableName & "_asearchfor") = strTableName_asearchfor

set session(strTableName & "_asearchfor2") = strTableName_asearchfor2

set session(strTableName & "_asearchfortype") = strTableName_asearchfortype

end if

Sergey Kornilov admin 1/3/2007

This way it should work.

skemp author 1/3/2007



<!--#include file="include/dbcommon.asp"-->

<!--#include file="include/LetterPrintQueue_variables.asp"-->
<%

SESSION("UserID") = "username"

SESSION("AccessLevel") = ACCESS_LEVEL_USER

SESSION("GroupID") = "CityView Users"
if SESSION("UserID")="" then

SESSION("MyURL")=request.ServerVariables("SCRIPT_NAME")&"?"&request.ServerVariables("QUERY_STRING")

response.Redirect "login.asp?message=expired"

response.End

end if

if not CheckSecurity(SESSION("OwnerID"),"Search") and not CheckSecurity(SESSION("OwnerID"),"Add") then

response.Write "<p>" & "You don't have permissions to access this table" & " <a href=""login.asp"">" & "Back to login page" & "</a></p>"

response.End

end if

%>
<!--#include file="libs/smarty.asp"-->
<%

Session.LCID = 1033
on error resume next
dbConnection=""

dbconnect()

call ReportError

Set rs = server.CreateObject("ADODB.Recordset")

Set rss = server.CreateObject("ADODB.Recordset")
' process reqest data, fill session variables
if (Request.Form="" and Request.QueryString="") then
For Each key in Session.Contents

if left(key, len(strTableName)+1 ) = strTableName & "
" and

InStr(Mid(key, len(strTableName)+2), "
" )<1 then

Session.Contents.Remove(key)

end if

Next
set strTableName_asearchnot = CreateObject("Scripting.Dictionary")

set strTableName_asearchopt = CreateObject("Scripting.Dictionary")

set strTableName_asearchfor = CreateObject("Scripting.Dictionary")

set strTableName_asearchfortype = CreateObject("Scripting.Dictionary")

set strTableName_asearchfor2 = CreateObject("Scripting.Dictionary")

set session(strTableName & "_asearchnot")= strTableName_asearchnot

set session(strTableName & "_asearchopt") = strTableName_asearchopt

set session(strTableName & "_asearchfor") = strTableName_asearchfor

set session(strTableName & "_asearchfor2") = strTableName_asearchfor2

set session(strTableName & "_asearchfortype") = strTableName_asearchfortype

end if


That worked Great!! Thank you. If I want to do this for other files is it the exact same code or is there one section from this that I can place in the 'before load' page?

Sergey Kornilov admin 1/3/2007

If you like to add this to other files paste the same three lines into the beginning of each file.

skemp author 1/3/2007



That worked Great!! Thank you. If I want to do this for other files is it the exact same code or is there one section from this that I can place in the 'before load' page?


Wonderful! Thank you so much. As always you are a tremendous help to me!

lefty 1/4/2007



Wonderful! Thank you so much. As always you are a tremendous help to me!



I am trying to accomplish the same thing ; but I have multiple groups .
SESSION("UserID") = "username"

SESSION("AccessLevel") = ACCESS_LEVEL_USER

SESSION("GroupID") = "Group1"
I want the user to go to list page and show only his group records ; but I have more than one group. If he belongs to another group then no records will show .

skemp author 1/5/2007



I am trying to accomplish the same thing ; but I have multiple groups .
SESSION("UserID") = "username"

SESSION("AccessLevel") = ACCESS_LEVEL_USER

SESSION("GroupID") = "Group1"
I want the user to go to list page and show only his group records ; but I have more than one group. If he belongs to another group then no records will show .


Help please!!
I used the code above "username" and it works but logs me in as that name "username" instead of my actual username. This is what our login for other apps look like
charlotte\ + OfficeAdmin
(officeadmin being the name of the field that holds the username)
How may I use this for the authentication?